DETAILED ACTION
Continued Examination Under 37 CFR 1.114 

1. A request for continued examination under 37 CFR 1.114, including the fee set
forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this
application is eligible for continued examination under 37 CFR 1.114, and the fee set
forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action
has been withdrawn pursuant to 37 CFR 1.114.

Applicant's submission filed on 7/6/2007 has been entered. 

2. This action is responding to application papers filed on 3-8-2004. Claims 1 - 28 
have been cancelled. Claims 29 - 64 are new. Claims 29, 42, 49 are independent. 

Response to Arguments 

3. Applicant's arguments filed 10/24/2007 have been fully considered but they are 
moot due to new grounds of rejection. 

Responses: 

3.1 Applicant argues that the referenced prior art does not disclose claim limitations,
(see Remarks Pages 7,8) 

The Office Action delineates the prior art references and citations used to reject the 
set of claim limitations. 

3.2 The Cheline prior art discloses that network-access is only enabled (allowed) 
after the completion of an authentication procedure. Therefore, network-access must
not be allowed (denied) before authentication. This disclosure satisfies the requirement 
that network access is denied before authentication, (see Cheline paragraph [0049], 
lines 1-4; paragraph [0049], lines 8-14: access to server side from client side allowed if 
authentication is valid, access not allowed be authentication is successful; paragraph 
[0027], lines 10-15: only access VPN after authentication, access denied before 
authentication) 

Applicant indicated that the prior art states that the radius software is part of the 
modem, (see Cheline paragraph [0043], lines 15-16: RADIUS software) The location 
of the RADIUS software does not remove the fact that network access is only allowed 
after authentication is successful. In any event, the Cheline prior art actually discloses 
that the RADIUS client software is preferably located on the modem but the RADIUS 
client software may not be located on the modem. This is stated as a preference for 
ease of use not a requirement. 

RADIUS is defined as, "The de facto standard protocol for authentication servers 
(AAA servers). Developed by Livingston Enterprises (later acquired by Lucent). 
RADIUS uses a challenge/response method for authentication."
(http://computing-dictionary.thefreedictionary.com/radius) RADIUS is merely a protocol utilized to
complete an authentication procedure between a client and a server. The actual 
access control information exists on the client and the server (authentication) systems, 
and network access is enabled between the client and the server. 

The Cheline prior art discloses that network access between the two systems (the 
end system and the enterprise (server system)) is based on at least one VPN
communications connection, (see Cheline paragraph [0015], lines 2-10; paragraph 
[0016], lines 1-4; paragraph [0016], lines 14-17: VPN communications authenticated 
and setup between a client and server) Communications between the end user and 
the enterprise utilizes VPN connections (at least one or maybe more). The claim 
limitation only mentions network access between an end system and the enterprise 
system. The claim limitation does not disclose anything about other network accesses 
by the client (end) system or other end systems. The claim limitation only states that 
network access between an end system and an enterprise network (server system) is 
solely based on at least one (maybe more) VPN connection. 

3.3 The Cheline prior art discloses memory utilization by the end system while 
communications is active. Memory is a standard part of any computer system (whether 
designated either as a client or a server). Memory is the electronic holding place 
(shorter synonym for random access memory (RAM)) for instructions and data that your 
computer's microprocessor can reach quickly. When your computer is in normal 
operation, its memory usually contains the main parts of the operating system and some 
or all of the application programs and related data that are being used (related data: 
including VPN data). 

(http://searchmobilecomputing.techtarget.com/sDefinition/0,,sid40_gci212546,00.html)
Memory is utilized as a work buffer (data reads, data writes) for applications such as 
VPN communications applications on client systems. 

The Cheline prior art discloses computer systems for client and server systems. 



Application/Control Number: 10/795,922 Page 5

Art Unit: 2136 

The claim limitation discloses utilizing a memory (random access memory) for data 
writes (storage of data, buffer space). The Cheline prior art discloses the capability to 
write data (application related data) into memory utilized for storage such as buffer 
space for applications such as a VPN communications application, (see Cheline 
paragraph [0015], lines 2-7; paragraph [0031], lines 3-5: VPN capable client system 
(computer, handheld device)) 

3.4 The Cheline prior art discloses the capability for a system restart or reboot, and 
the Cheline prior art discloses the capability to terminate a VPN connection when 
inactive. The Cheline prior art discloses the capability for a VPN connection (see 
Cheline paragraph [0015], lines 2-10: VPN connection, client-server; paragraph [0076], 
lines 1-6: terminate VPN, session inactive), and the capability to perform a reboot 
(system restart) procedure (see Cheline paragraph [0065], lines 1-3: system reboot 
capability) 

3.5 The Cheline prior art discloses an Operating System for controlling software on a 
prior art system, (see Cheline paragraph [0047], lines 6-10: OS) The client or end 
system is disclosed as a computer system, which is controlled by an Operating System 
(OS) whether a PC or a PDA type device, (see Cheline paragraph [0015], lines 2-7;
paragraph [0031], lines 3-5: VPN capable client system (computer, handheld)) Both 
computer systems (client (end system), server) are VPN capable systems, (see 
Cheline paragraph [0015], lines 2-10: VPN system) 



The Cheline and Nguyen prior art combination discloses dropping data packets
which are not destined for the VPN connection or are designated as suspicious data
packets, (see Nguyen paragraph [0954], lines 1-7: VPN technology; paragraph [0978],
lines 4-7; paragraph [0979], lines 11-15; paragraph [1087], lines 14-17: invalid packets,
not associated with application (FTP, VPN) connection dropped, also unapproved 
connections dropped (not initiated)) 

3.6 The examiner has considered the applicant's remarks concerning a thin client 
VPN capable end system denied network connectivity except for conducting VPN 
sessions, and the end system directs all data writes during VPN sessions to a 
temporary memory that is purged at the end of the session. Applicant's arguments 
have thus been fully analyzed and considered but they are not persuasive. 

After an additional analysis of the applicant's invention, remarks, and a search of 
the available prior art, it was determined that the current set of prior art consisting of 
Cheline (20030041136) and Nguyen (20030172145) discloses the applicant's invention 
including disclosures in Remarks dated October 24, 2007. 

Claim Rejections - 35 USC §112 

4. The following is a quotation of the first paragraph of 35 U.S.C. 112: 

The specification shall contain a written description of the invention, and of the manner and process of 
making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the 
art to which it pertains, or with which it is most nearly connected, to make and use the same and shall 
set forth the best mode contemplated by the inventor of carrying out his invention. 

5. Claims 36, 47, 53 are rejected under 35 U.S.C. 112, first paragraph, as failing to 
comply with the written description requirement. The claim(s) contains subject matter 
which was not described in the specification in such a way as to reasonably convey to
one skilled in the relevant art that the inventor(s), at the time the application was filed, 
had possession of the claimed invention. There is no disclosure in the specification or 
the original claims for the claim limitation, "software is adapted to inhibit modification of 
the software by the user". This is new matter. 

6. Claims 49 - 52 are rejected under 35 U.S.C. 112, first paragraph, as failing to
comply with the written description requirement. The claim(s) contains subject matter 
which was not described in the specification in such a way as to reasonably convey to 
one skilled in the relevant art that the inventor(s), at the time the application was filed, 
had possession of the claimed invention. The term "a computer readable medium"
lacks antecedent basis. The term should be "The computer readable medium". 

Claim Rejections - 35 USC § 103 

7. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action:

a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art 
are such that the subject matter as a whole would have been obvious at the time the invention was made 
to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be
negatived by the manner in which the invention was made. 

8. Claims 29-54 are rejected under 35 U.S.C. 103 (a) as being unpatentable over 
Cheline et al. (US PGPUB No. 20030041136) in view of Nguyen et al. (US PGPUB 
No. 20030172145). 

Regarding Claim 29, Cheline discloses a method for reducing vulnerability of a Virtual
Private Network (VPN) protected network to attack by an end system, comprising the 
steps of: 

a) permitting access by an end system to a VPN protected network on at least one 
VPN connection in response to authenticating a user of the end system to the 
VPN protected network; (see Cheline paragraph [0049], lines 1-10: user 
authenticated; paragraph [0049], lines 11-14: permit access (encrypted packets 
transferred) to end system) and 

while permitting the access: 

Cheline discloses attempted writes to the end system and preventing detected 
attempted writes to permanent memory on the end system. Cheline discloses 
purging temporary memory on the end system in response to detected 
termination of the VPN connection, (see Cheline paragraph [0015], lines 2-10:
VPN connection, client-server; paragraph [0076], lines 1-6: terminate VPN,
session inactive; paragraph [0065], lines 1-3: system reboot capability, system is
purged) Cheline does not specifically disclose continuous monitoring, and
filtering detected traffic inbound to the end system that is not on the VPN 
connection. 



However, Nguyen discloses: 

b) continuously monitoring on the end system for; (see Cheline paragraph 
[0506], lines 9-12; paragraph [0863], lines 5-8: monitoring; paragraph [1076], 
lines 1-8: monitoring of VPN communications)

c) continuously monitoring on the end system for traffic on the end system and 
filtering detected traffic inbound to the end system that is not on the VPN 
connection; (see Nguyen paragraph [0506], lines 9-12; paragraph [0863], 
lines 5-8: monitoring; paragraph [1076], lines 1-8: monitoring of VPN 
communications; paragraph [0954], lines 1-7: VPN technology; paragraph 
[0978], lines 4-7; paragraph [0979], lines 11-15; paragraph [1087], lines 14-17:
invalid packet, not associated with VPN connection dropped, unapproved
connections dropped) and 

d) continuously monitoring on the end system for termination of the VPN 
connection, (see Nguyen paragraph [0506], lines 9-12; paragraph [0863], 
lines 5-8: monitoring; paragraph [1076], lines 1-8: monitoring, VPN 
communications) 

It would have been obvious to one of ordinary skill in the art to modify 
Cheline as taught by Nguyen to enable the capability for monitoring VPN 
communications and filtering detected traffic inbound to the end system that is 
not on the VPN connection. One of ordinary skill in the art would have been 
motivated to employ the teachings of Nguyen in order to enable the capability to 
leverage the Internet for useful and vital business activities, (see Nguyen 
paragraph [0029], lines 1-8: "... For enterprises and service providers alike,
knowing how to leverage the Internet for more than mere Web advertising and
e-mail access may be vital to remaining competitive in today's increasingly
Net-driven markets. Successful service providers and commercial enterprises may
differentiate themselves by the way they use Internet technology to rapidly
create and deploy new services and implement new business models, ...")

Regarding Claims 30, 43, 50, Cheline discloses the method, end system, medium of 
claims 29, 42, 49, wherein the step of attempted writes to the end system further 
comprises redirecting to temporary memory detected attempted writes to permanent 
memory, (see Cheline paragraph [0049], lines 11-14: transfer of information between 
VPN connected systems (placement of transferred information on end system enables 
writing); paragraph [0047], lines 1-10; paragraph [0058], line 1: permanent type memory 
or temporary memory utilized, placement of information within temporary or permanent 
memory) Cheline does not specifically disclose continuously monitoring. However, 
Nguyen discloses continuous monitoring, (see Nguyen paragraph [0506], lines 9-12; 
paragraph [0863], lines 5-8: monitoring; paragraph [1076], lines 1-8: monitoring, VPN
communications) 

It would have been obvious to one of ordinary skill in the art to modify Cheline as 
taught by Nguyen to enable the capability for continuous monitoring of VPN 
communications. One of ordinary skill in the art would have been motivated to employ 
the teachings of Nguyen in order to enable the capability to leverage the Internet for 
useful and vital business activities, (see Nguyen paragraph [0029], lines 1-8) 

Regarding Claims 31, 44, 51, Cheline discloses the method, end system, medium of 
claims 29, 42, 49. (see Cheline paragraph [0016], lines 1-7: VPN communications
system; paragraph [0101], lines 1-6: monitoring) Cheline does not specifically disclose 
continuously monitoring for traffic on the end system and filtering detected traffic 
outbound from the end system that is not on the VPN connection. However, Nguyen 
discloses continuously monitoring for traffic on the end system and filtering
detected traffic outbound from the end system that is not on the VPN connection, (see 
Nguyen paragraph [0954], lines 1-7: VPN technology; paragraph [0978], lines 4-7; 
paragraph [0979], lines 11-15; paragraph [1087], lines 14-17: invalid packet, not 
associated with VPN connection dropped based on filtering) 

It would have been obvious to one of ordinary skill in the art to modify Cheline as 
taught by Nguyen to enable the capability for continuous monitoring of VPN 
communications and filtering detected traffic outbound from the end system that is not 
on the VPN connection. One of ordinary skill in the art would have been motivated to 
employ the teachings of Nguyen in order to enable the capability to leverage the 
Internet for useful and vital business activities, (see Nguyen paragraph [0029], lines 1-8)



Regarding Claims 32, 45, 52, Cheline discloses the method, end system, medium of 
claims 29, 42, 49, further comprising, before permitting the access, the step of denying 
network access except for performing user authentication, (see Cheline paragraph 
[0043], lines 1-8; paragraph [0069], lines 4-11: access only after user authentication) 

Regarding Claim 33, Cheline discloses the method of claim 29, wherein the monitoring
steps are performed by the end system, (see Cheline paragraph [0506], lines 9-12; 
paragraph [0863], lines 5-8: monitoring; paragraph [1076], lines 1-8: monitoring, VPN 
communications) 

Regarding Claim 34, Cheline discloses the method of claim 33, wherein the monitoring 
steps are performed by software having instructions executable by a processor, (see 
Cheline paragraph [0016], lines 21-23; paragraph [0046], lines 1-4; paragraph [0047], 
lines 6-20: software, program products, operating system software, perform functions; 
page 11, claim 13: computer-readable medium) 

Regarding Claims 35, 46, Cheline discloses the method, end system of claims 34, 42, 
wherein the software is embedded in permanent memory, (see Cheline paragraph 
[0047], lines 1-10: permanent memory, memory utilized for program storage 
(embedded)) 

Regarding Claims 36, 47, 53, Cheline discloses the method, end system, medium of 
claims 35, 42, 49, wherein the software is adapted to inhibit modification of the software 
by the user, (see Cheline paragraph [0046], lines 1-4; paragraph [0047], lines 6-20: 
software, program products, operating system software, perform functions; page 11, 
claim 13: computer-readable medium) 

Regarding Claim 37, Cheline discloses the method of claim 29, wherein the step of
monitoring for termination further comprises logging-off the user in response to detected 
termination of the VPN connection, (see Cheline paragraph [0076], lines 1-5: logoff 
user, VPN disconnected or inactive) 

Regarding Claim 38, Cheline discloses the method of claim 29, wherein the step of 
monitoring for termination further comprises rebooting the end system in response to 
detected termination of the VPN connection, (see Cheline paragraph [0076], lines 1-5: 
relogon, restarting end system) 

Regarding Claim 39, Cheline discloses the method of claim 29, wherein the step of 
monitoring for termination further comprises shutting down the end system in response 
to detected termination of the VPN connection, (see Cheline paragraph [0076], lines
10-14: VPN disconnected, tunnel torn down)

Regarding Claim 40, Cheline discloses the method of claim 29, wherein permanent 
memory comprises a flash memory, (see Cheline paragraph [0047], lines 16-17; 
paragraph [0057], lines 3-5: flash memory) 

Regarding Claim 41, Cheline discloses the method of claim 29, wherein temporary 
memory comprises a random access memory (RAM) disk, (see Cheline paragraph 
[0047], lines 1-10: permanent type memory (RAM) for program such as operating 
system)

Regarding Claim 42, Cheline discloses a VPN capable end system, comprising: 

a) at least one permanent memory; (see Cheline paragraph [0047], lines 1-10: 
permanent type memory for program such as operating system) 

b) at least one temporary memory; (see Cheline paragraph [0058], line 1: 
temporary memory) 

c) at least one processor coupled to the permanent memory and the temporary 
memory; (see Cheline paragraph [0047], lines 1-3: processor, interface (bus) 
between components) and 

Cheline discloses software stored on the permanent memory, the software having 
instructions executable by the processor while the end system is permitted access to 
a VPN protected network on at least one VPN connection, and termination of the 
VPN connection and purge the temporary memory in response to detected 
termination of the VPN connection, (see Cheline paragraph [0046], lines 1-4; 
paragraph [0047], lines 6-20: software, program products, operating system 
software, perform functions; page 11, claim 13: computer-readable medium; 
paragraph [0076], lines 1-5: VPN torn down, tunnel disconnected, security 
information in temporary memory removed; paragraph [0071], lines 1-3: VPN access 
to end system- enabled) And, Cheline discloses attempted writes to the end system 
and preventing detected attempted writes to the permanent memory, (see Cheline 
paragraph [0049], lines 11-14: permit access (encrypted packets transferred) to end 
system) Cheline does not specifically disclose continuously monitoring, and filtering
detected traffic inbound to the end system that is not on the VPN connection.

However, Nguyen discloses:

d) continuously monitor for attempted writes to the end system and prevent
detected attempted writes to the permanent memory, to continuously monitor for
traffic on the end system and filter detected traffic inbound to the end system that 
is not on the VPN connection, (see Nguyen paragraph [0954], lines 1-7: VPN 
technology; paragraph [0506], lines 9-12; paragraph [0863], lines 5-8: monitoring; 
paragraph [1076], lines 1-8: monitoring, VPN communications; paragraph [0978], 
lines 4-7; paragraph [0979], lines 11-15; paragraph [1087], lines 14-17: invalid 
packet, not associated with VPN connection dropped, unapproved connections 
dropped)

It would have been obvious to one of ordinary skill in the art to modify Cheline 
as taught by Nguyen to enable the capability for monitoring VPN communications 
and filtering detected traffic inbound to the end system that is not on the VPN 
connection. One of ordinary skill in the art would have been motivated to employ 
the teachings of Nguyen in order to enable the capability to leverage the Internet for 
useful and vital business activities, (see Nguyen paragraph [0029], lines 1-8) 

Regarding Claims 48, 54, Cheline discloses the end system, medium of claims 42, 49,
wherein the software further has instructions executable by the processor while the end 
system is not permitted the access to facilitate authentication of a user of the end 
system to the VPN protected network, (see Cheline paragraph [0043], lines 1-8;
paragraph [0069], lines 4-11: access only after user authentication)

Regarding Claim 49, Cheline discloses a computer readable medium comprising 
operating software for a VPN capable end system having instructions executable by a 
processor while the end system is permitted access to a VPN protected network on at 
least one VPN connection, attempted writes to the end system and prevent detected 
attempted writes to permanent memory on the end system, and for termination of the 
VPN connection and purge temporary memory on the end system in response to 
detected termination of the VPN connection, (see Cheline paragraph [0046], lines 1-4; 
paragraph [0047], lines 6-20: software, program products; page 11, claim 13:
computer-readable medium; paragraph [0049], lines 1-10: user authenticated; paragraph [0049],
lines 11-14: permit access (encrypted packets transferred) to end system; paragraph
[0047], lines 1-10; paragraph [0058], line 1: permanent type memory such as for 
programs or temporary memory utilized) Cheline does not specifically disclose 
continuously monitoring, and to filter detected traffic inbound to the end system that is 
not on the VPN connection. 

However, Nguyen discloses to continuously monitor, and to filter detected traffic 
inbound to the end system that is not on the VPN connection, (see Nguyen paragraph
[0954], lines 1-7: VPN technology; paragraph [0506], lines 9-12; paragraph [0863], lines 
5-8: monitoring; paragraph [1076], lines 1-8: monitoring, VPN communications; 
paragraph [0978], lines 4-7; paragraph [0979], lines 11-15; paragraph [1087], lines
14-17: invalid packet, not associated with VPN connection dropped, unapproved
connections dropped)

It would have been obvious to one of ordinary skill in the art to modify Cheline as 
taught by Nguyen to enable the capability for monitoring VPN communications and 
filtering detected traffic inbound to the end system that is not on the VPN connection. 
One of ordinary skill in the art would have been motivated to employ the teachings of 
Nguyen in order to enable the capability to leverage the Internet for useful and vital 
business activities, (see Nguyen paragraph [0029], lines 1-8) 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Carlton V. Johnson whose telephone number is
571-270-1032. The examiner can normally be reached on Monday thru Friday, 8:00 -
5:00PM EST.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Nasser Moazzami can be reached on 571-272-4195. The fax phone 
number for the organization where this application or proceeding is assigned is
571-273-8300.

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



Carlton V. Johnson 

Examiner 

Art Unit 2136 





December 26, 2007 



